DETAILED ACTION



Response to Amendment 

1. This action is in response to the amendment filed 04/16/2004 that
amended the specification and the abstract. 

Response to Arguments 

2. Applicant's arguments filed 4/16/2004 have been fully considered but they 
are not persuasive. Applicant argues that, in the Howard reference, the affiliate 
server and the authentication server do not communicate directly and use the 
client as an intermediate to redirect the authentication request and response 
(page 7, first paragraph). Howard, in an alternate embodiment, does teach that
the affiliate server and the authentication server communicate directly with
each other (col. 8, lines 29-31). Applicant points out that the secondary
reference, Moriconi, does not show the first and second data processing agents 
(page 6, lines 1-3) and an authentication method and interaction between the first 
and second data processing agents as claimed (page 7, last paragraph). 
Moriconi teaches two data processing agents providing application service and 
authorization service and the two data processing agents being on the same 
server machine (col. 10, line 64 - col. 11, line 6). Since Howard does not teach
that the two data processing agents are on the same server, the examiner only 
used the Moriconi reference to provide motivation, as stated in the Office Action, 
to implement two data processing agents of Howard on the same server. 

Claim Rejections - 35 USC § 103

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described
as set forth in section 102 of this title, if the differences between the subject matter sought to
be patented and the prior art are such that the subject matter as a whole would have been
obvious at the time the invention was made to a person having ordinary skill in the art to which
said subject matter pertains. Patentability shall not be negatived by the manner in which the
invention was made.

4. Claims 1-4 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Howard et al. (6,584,505) in view of Moriconi et al. (6,158,010). 

a. Regarding claims 1 and 4, Howard et al. disclose a method of 
authenticating a user of a client computer at a server computer, comprising the 
steps of: 

receiving a service request from the user at a first data processing agent 
(col. 6, lines 40-42); 

submitting an authentication request from the first data processing agent 
to a second data processing agent to authenticate the user (col. 6, lines 51-52; 
col. 8, lines 29-32); 

receiving a response to the authentication request at the first data 
processing agent from the second data processing agent (col. 7, lines 44-45); 
and 

if the received response indicates that the user is successfully 
authenticated, providing the requested service to the user (col. 7, lines 54-56). 

Howard does not disclose that the data processing agents are on the
same server. Moriconi et al. disclose that two data processing agents are
implemented on the same server (col. 10, line 64-col. 11, line 6). It would have
been obvious to one of ordinary skill in the art at the time the invention was made
to modify the method of Howard such that the first and second data processing
agents are implemented on the same server to provide maximum performance
and minimize network traffic overhead.

b. Regarding claim 2, Howard does not disclose that the received response 
includes a level of access privileges for the user, and the providing step includes 
the step of determining the service provided to the user based upon the user's 
access privilege level. Moriconi et al. disclose a level of access privileges for a 
user (col. 7, lines 41-41) and the step of determining the service provided to the
user based upon the user's access privilege level (col. 8, lines 25-28, col. 13,
lines 18-23). It would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify the method of Howard such that the
received response includes a level of access privileges for the user, and the
providing step includes the step of determining the service provided to the user
based upon the user's access privilege level. The motivation for doing so would
have been to provide service to authorized users only.

c. Regarding claim 3, Howard further discloses that the first data processing 
agent is included in a first server and the second data processing agent is 
included in a second server (see figure 1). 

5. Claims 5-6 and 8-11 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Howard in view of Moriconi and Fuh et al. (6,463,474).

a. Regarding claims 5-6 and 8, Howard et al. disclose a method of
authenticating a user of a client computer at a server computer, comprising the 
steps of: 

receiving a service request from the user at a first data processing agent 
(col. 6, lines 40-42); 

submitting an authentication request from the first data processing agent 
to a second data processing agent to authenticate the user (col. 6, lines 51-52; 
col. 8, lines 29-32); 

authenticating the user at the second data processing agent (col. 6, lines 
59-66); 

if the user is successfully authenticated, storing a timeout value indicative
of a predetermined time period (col. 6, lines 1-6, 13-19); 

determining whether the predetermined time period is exceeded starting 
from the last authentication process (col. 6, lines 1-6, 13-19); and 

if the predetermined time period is exceeded, requiring the user to be 
authenticated at the second data processing agent upon receipt of the second 
service request (col. 6, lines 1-6, 13-19). 

Howard does not disclose that the data processing agents are on the 
same server. Moriconi et al. disclose that two data processing agents are 
implemented on the same server (col. 10, line 64-col. 11, line 6). It would have
been obvious to one of ordinary skill in the art at the time the invention was made
to modify the method of Howard such that the first and second data processing
agents are implemented on the same server to provide maximum performance 
and minimize network traffic overhead. 

Although the second data processing agent in the Howard reference 
stores a timeout value and enforces a timeout policy for all requests made to the 
first data processing agent, that timeout policy is not based on a maximum time 
period allowed since the last request. Fuh discloses a method providing network 
access control which uses the maximum time allowed since the last request as 
an authentication requirement; the method comprising the steps of: if the user is 
successfully authenticated, storing a timeout value indicative of a predetermined 
time period; determining whether the predetermined time period is exceeded 
starting from a time of receipt of the previous service request; and if the 
predetermined time period is exceeded without receiving a service request from 
the user, requiring the user to be authenticated at the second data processing 
agent upon receipt of the next service request (col. 12, lines 41-45; col. 14, lines 
34, 42-56). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the method of Howard to also use the
maximum time allowed since the last request as an authentication requirement 
and to include the steps of: if the user is successfully authenticated, storing a 
timeout value indicative of a predetermined time period; determining whether the 
predetermined time period is exceeded starting from a time of receipt of the first 
service request; and if the predetermined time period is exceeded without 
receiving a second service request from the user, requiring the user to be 
authenticated at the second data processing agent upon receipt of the second
service request, as taught in Fuh. The motivation for doing so would have been 
for the first data processing agent to be able to delete information associated with 
users that have not initiated any request in a predetermined time period to save 
memory. 

b. Regarding claims 9-11, Howard et al. disclose a method of authenticating
a user of a client computer at a server computer, comprising the steps of: 

receiving a service request from the user at a first data processing agent 
(col. 6, lines 40-42); 

submitting an authentication request from the first data processing agent 
to a second data processing agent to authenticate the user (col. 6, lines 51-52; 
col. 8, lines 29-32);

authenticating the user at the second data processing agent (col. 6, lines 
59-66). 

Howard does not disclose that the data processing agents are on the 
same server. Moriconi et al. disclose that two data processing agents are 
implemented on the same server (col. 10, line 64-col. 11, line 6). It would have
been obvious to one of ordinary skill in the art at the time the invention was made
to modify the method of Howard such that the first and second data processing
agents are implemented on the same server to provide maximum performance 
and minimize network traffic overhead. 

Howard also does not disclose the steps of: if the user is successfully 
authenticated at the second data processing agent, storing user authentication
information at the first data processing agent;
receiving a next service request from the user at the first data processing agent; 
authenticating the user at the first data processing agent using the stored 
information; if the user is successfully authenticated at the first data processing 
agent, providing the requested service to the user; and if the user is not 
successfully authenticated at the first data processing agent, submitting an 
authentication request to the second data processing agent. Fuh discloses a 
method for providing network access control comprising the steps of: if the user 
is successfully authenticated at the second data processing agent, storing user 
authentication information at the first data processing agent
(col. 12, lines 41-45); receiving a next service request from the
user at the first data processing agent (col. 12, lines 52-55); authenticating the 
user at the first data processing agent using the stored information (col. 12, lines 
52-55); if the user is successfully authenticated at the first data processing agent, 
providing the requested service to the user (col. 12, lines 52-55); and if the user 
is not successfully authenticated at the first data processing agent, submitting an 
authentication request to the second data processing agent (col. 14, lines 49-56).
It would have been obvious to one of ordinary skill in the art at the time
the invention was made to modify the method of Howard to include the steps of: if
the user is successfully authenticated at the second data processing agent,
storing user authentication information at the first data processing agent;
receiving a next service request from the user at the
first data processing agent; authenticating the user at the first data processing
agent using the stored information; if the user is successfully authenticated at the
first data processing agent, providing the requested service to the user; and if the 
user is not successfully authenticated at the first data processing agent, 
submitting an authentication request to the second data processing agent, as 
taught in Fuh, to achieve advantage and improvement in authentication speed 
and efficiency. 

6. Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Howard in view of Moriconi and Fuh as applied to claim 5 above, and further in 
view of Sampson et al. (6,490,624). Howard, Moriconi and Fuh, in the method of 
claim 5, do not disclose that the first data processing agent, upon receipt of the 
second request, transmits a notification to the second data processing agent so 
that the second data processing agent can use the new time for checking against 
a future request. Sampson discloses a system in which one data processing 
agent, upon receipt of a request, notifies other agents so that they can update 
their corresponding "Last Access Time" value and use the updated value to make
a decision regarding a future request (col. 13, lines 24-28; col. 14, lines 6-12; 22-24).
It would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify the method of Howard such that the first data
processing agent, upon receipt of the second request, transmits a notification to
the second data processing agent so that the second data processing agent can
use the new time for checking against a future request, as suggested by
Sampson, to facilitate security of the system.

Conclusion

3. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Minh Dinh whose telephone number is
703-306-5617. The examiner can normally be reached on Mon - Fri: 9:00 am - 5:30
pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron can be reached on 703-305-1830. The 
fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-